[Intel-gfx] [bug report] drm/i915: Engine discovery query
Chris Wilson
chris at chris-wilson.co.uk
Wed May 29 12:08:59 UTC 2019
Quoting Dan Carpenter (2019-05-29 12:52:43)
> Hello Tvrtko Ursulin,
>
> The patch c5d3e39caa45: "drm/i915: Engine discovery query" from May
> 22, 2019, leads to the following static checker warning:
>
> drivers/gpu/drm/i915/i915_query.c:134 query_engine_info()
> warn: calling '__copy_to_user()' without access_ok()
>
> drivers/gpu/drm/i915/i915_query.c
> 97 query_engine_info(struct drm_i915_private *i915,
> 98 struct drm_i915_query_item *query_item)
> 99 {
> 100 struct drm_i915_query_engine_info __user *query_ptr =
> 101 u64_to_user_ptr(query_item->data_ptr);
>
> query_item->data_ptr comes from the ioctl and hasn't been checked.
copy_query_items() does the access_ok() check for the data portion after
the header.
-Chris
More information about the Intel-gfx
mailing list